(2011)<p>Anyway, I like this sentence a lot:<p>> One useful point from that discussion is that the static vsyscall page is not, in fact, a security vulnerability; it's simply a resource which can make it easier for an attacker to exploit a vulnerability elsewhere in the system.<p>One thing that's always irritated me is that dubious "hardening" changes like this one get lumped together with fixes for actual vulnerabilities, and then both get labeled as "security".